Re: Admin access for users in case of emergency?
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/20/04
- Next message: Steve: "Re: unable to access some https sites"
- Previous message: bill: "Re: Admin access for users in case of emergency?"
- In reply to: bill: "Re: Admin access for users in case of emergency?"
- Next in thread: Jeff Cochran: "Re: Admin access for users in case of emergency?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Aug 2004 15:57:04 +0200
Bill,
I don't think anyone will blame you for anything that happens while you are
away. What you can do is log any access to envelope that holds usernames and
passwords -- users have to sign that they opened it and read the data. Next
thing you can do is log any access to server and any actions that users take
(even just reboot).
One thing that I would try is to teach someone from your office to do at
least basic tasks (basic troubleshooting to know the difference when server
is giving them hard time or is it client's problem). Give them check list
(first try this, second try this ... last thing on this check list would be
... reboot the client PC). Only if more then e.g. 50% of PC has same
problems reboot e.g. server...
If you hide this data and users will feel the need to reboot the server,
they will just pull out the electricity cable. Since I know what this can do
to e.g. Exchange database :-) I will much rather give them username and
password that will allow them restart operation.
Mike
"bill" <bill@discussions.microsoft.com> wrote in message
news:9A770740-EF68-46F5-ACCA-0D6A2C10ACA8@microsoft.com...
> Thanks Miha, that was the exact response I got from managment. However,
the
> other day I had to leave and a manager's PC was acting funny, so he
decided
> he wanted to reboot the server, before calling me. I guess my concern is
that
> there is a large possibility for abuse, and where does one draw the line?
How
> should policy reflect this?
>
> "Miha Pihler" wrote:
>
> > Hi Bill,
> >
> > Sorry, but I agree with your management, still I understand you. I was
in
> > same situation few times in last few years.
> >
> > You should create full administrator (also for any other services that
use
> > separate accounts) and write down necessary information and store it in
safe
> > place (like safe).
> > In case of an accident (e.g. I get hit by a car or have accident while
> > mountain biking) my company still has to live on.
> >
> > You should also write down basic configuration and information of your
> > network that someone else may be able to use in case you are away. This
> > information should also be stored on second location. I remember one of
my
> > clients had all processes written down including server restore
procedures.
> > This was available on intranet. Problem was that the only server that
died
> > was intranet and they didn't have hard copy of restore procedures...
> >
> > Mike
> >
> > "bill" <bill@discussions.microsoft.com> wrote in message
> > news:19ADFED3-5FE6-45AE-9396-3B99D2A439CA@microsoft.com...
> > > Hello list,
> > >
> > > This is somewhat of a security management question. I am the sysadmin
for
> > a
> > > small, 14 user group office running typical MS backoffice products and
> > > various other networking equipment. Recently I've been asked to write
up a
> > > document that can be referred to, in the case of an emergency or that
I am
> > > unreachable, for tasks such as rebooting servers and equipment. I've
also
> > > been asked to create a generic admin account, which the password would
be
> > > locked in a safe. Somehow, this doesn't feel right with me, giving
admin
> > > access to regular users, however I can't seem to get management on my
> > side.
> > > Am I right to think this way, and if so what kind of procedure or
solution
> > > can I provide that can both satisfy the requirement that the office
must
> > go
> > > on without me in case of failure but at the same time limit admin
> > privileges?
> > > Thanks very much in advance.
> >
> >
> >
- Next message: Steve: "Re: unable to access some https sites"
- Previous message: bill: "Re: Admin access for users in case of emergency?"
- In reply to: bill: "Re: Admin access for users in case of emergency?"
- Next in thread: Jeff Cochran: "Re: Admin access for users in case of emergency?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
